AI Risk Assessment — dataloss.ai

AI Risk Assessment Question 1 of 8

Question 01 / 08

How many people at your company use AI tools like ChatGPT, Copilot, or similar regularly?

ANone that I know of

BA few (1–5 people)

CA good number (6–20 people)

DMost of the company

Question 02 / 08

Does your company have a written policy covering how employees should use AI tools?

AYes, and employees have seen it

BWe have something informal / undocumented

CNo, nothing written down

DI'm not sure

Question 03 / 08

Have employees ever pasted customer data, financial information, or internal documents into an AI tool?

ADefinitely not — we have controls preventing this

BProbably not, but I can't say for certain

CAlmost certainly yes

DI have no visibility into this

Question 04 / 08

Do you know whether your AI vendors use your company's data to train their models?

AYes — we've reviewed their terms and opted out where possible

BWe've looked at it but aren't sure what it means

CWe haven't looked at this

DI didn't know this was a thing

Question 05 / 08

Does your company handle any of the following types of sensitive data?

Select all that apply

APatient or health information (HIPAA)

BFinancial records or payment data (PCI)

CLegal documents or privileged communications

DPersonal data of EU/UK residents (GDPR)

ENone of the above

Question 06 / 08

Have you reviewed AI-related clauses in your vendor or software contracts in the past 12 months?

AYes, we review contracts for AI/data clauses regularly

BWe've done some review but not systematically

CNo, we haven't looked at this specifically

DWe don't have a formal contract review process

Question 07 / 08

Has your cyber insurer asked about your company's AI usage on your renewal application?

AYes — and we answered thoroughly

BYes — but we weren't sure how to answer

CNot yet, but I expect it soon

DNo, and I haven't thought about it

Question 08 / 08

Do you know where your company's sensitive documents live — and who has access to them?

AYes — we have documented access controls

BMostly — there are some gaps we're aware of

CVaguely — it's somewhat ad hoc

DNo clear picture

Analyzing your exposure...

This takes about 30 seconds.

Scoring your responses

Mapping risk categories

Generating your report

Preparing your results